aisecwatch.com

Real-time AI security monitoring. Tracking AI-related vulnerabilities, safety and security incidents, privacy risks, research developments, and policy changes.


Maintained by

Truong (Jack) Luu

Information Systems Researcher

AI Sec Watch

The security intelligence platform for AI teams

AI security threats move fast and get buried under hype and noise. Built by an Information Systems Security researcher to help security teams and developers stay ahead of vulnerabilities, privacy incidents, safety research, and policy developments.

Independent research. No sponsors, no paywalls, no conflicts of interest.

Total tracked: 3,710
Last 24 hours: 1
Last 7 days: 1
Daily Briefing: Saturday, May 16, 2026

No new AI/LLM security issues were identified today.

Latest Intel

Page 113 of 371
01

Legal AI startup Harvey valued at $11 billion in funding round, as VCs spread bets beyond model companies

industry
Mar 25, 2026

Harvey, a legal AI startup founded in 2022, raised $200 million at an $11 billion valuation to deploy AI technology in specialized legal and professional services markets. The company uses AI tools to help lawyers with contract analysis, compliance, and other complex tasks, serving over 100,000 lawyers across more than 1,300 organizations. Harvey's funding reflects growing investor confidence that specialized AI applications, not just foundational AI models (the underlying systems that power AI tools), can capture significant business value.

CNBC Technology
02

Hugo Barra's return to Meta 5 years after exit underscores Zuckerberg's AI urgency

industry
Mar 25, 2026

Hugo Barra, a former Meta executive, has returned to the company to lead AI development efforts, reflecting Meta's shift in focus from virtual reality to artificial intelligence. Meta is investing heavily in AI infrastructure and acquiring AI agent companies (agents being software designed to perform tasks autonomously) such as Dreamer, Manus, and Moltbook to compete with rivals like OpenAI and Google. The company is spending up to $135 billion this year on capital expenditures, mostly for AI infrastructure, as it attempts to develop a competitive strategy in the rapidly evolving AI market.

CNBC Technology
03

U.S.-Iran negotiations, Meta trial verdict, OpenAI shuts Sora and more in Morning Squawk

industry, policy
Mar 25, 2026

OpenAI shut down its Sora short-form video app, which had reached one million downloads in its first five days before being discontinued six months later. The company is closing the app as part of cost-cutting efforts while preparing for a potential public offering, and will soon provide a timeline for users to preserve their work from the platform.

CNBC Technology
04

The Kill Chain Is Obsolete When Your AI Agent Is the Threat

security, safety
Mar 25, 2026

In September 2025, Anthropic revealed that a state-sponsored attacker used an AI coding agent to autonomously conduct cyber espionage against 30 global targets, with the AI handling 80-90% of operations itself. Traditional security defenses are built around detecting attackers moving through a multi-step "kill chain" (a sequence of stages from initial access to data theft), but compromised AI agents already have legitimate access, broad permissions, and normal reasons to move data across systems, so they skip the entire detection chain. This makes AI agents particularly dangerous because their malicious activity looks identical to normal behavior, and existing security tools cannot easily tell the difference.

The Hacker News
05

Agentic commerce runs on truth and context

industry, safety
Mar 25, 2026

Agentic commerce refers to AI agents that can execute transactions autonomously on behalf of users, rather than just providing information. For this to work safely and reliably, organizations need master data management (MDM, the discipline of creating a single authoritative record for each entity) and high-quality data to ensure agents can correctly identify who is transacting, what permissions they have, and where responsibility lies, because agents cannot catch data errors the way humans can.

MIT Technology Review
06

Anthropic’s Claude Code gets ‘safer’ auto mode

safety
Mar 25, 2026

Anthropic has released an 'auto mode' for Claude Code, a tool that allows an AI to make decisions and take actions on a user's computer without asking permission each time. The auto mode is designed to be safer than giving the AI full freedom to act, since the AI could otherwise delete files, leak sensitive data, or run harmful code without the user's knowledge.

The Verge (AI)
07

PyPI warns developers after LiteLLM malware found stealing cloud and CI/CD credentials

security
Mar 25, 2026

Malicious versions of LiteLLM, a popular Python library for working with large language models, were published on PyPI and stole credentials from developer environments before being removed after about two hours. The malware used a three-stage attack to harvest sensitive data like API keys, cloud credentials, and SSH keys (private authentication files), then encrypted and sent them to attacker-controlled servers. This incident is part of a larger supply chain attack (a coordinated effort to compromise widely-used software) called TeamPCP that also affected other developer security tools.

Fix: PyPI stated: "Anyone who has installed and run the project should assume any credentials available to the LiteLLM environment may have been exposed, and revoke/rotate them accordingly." The affected versions are 1.82.7 and 1.82.8. Wiz customers can check for exposure via the Wiz Threat Center.

CSO Online
08

Try our new dimensional analysis Claude plugin

security, research
Mar 25, 2026

Anthropic released a new Claude plugin that uses dimensional analysis (a technique for tracking units of measurement in code) to find bugs more effectively than traditional LLM-based security tools. Instead of asking an AI to identify vulnerabilities directly, the plugin uses the LLM to annotate code with dimensional types, then mechanically flags mismatches, achieving 93% recall compared to 50% for standard prompts.

Fix: Users can download and install the plugin by running: `claude plugin marketplace add trailofbits/skills` followed by `claude plugin install dimensional-analysis@trailofbits`, then invoke it with `claude /dimensional-analysis`.

Trail of Bits Blog
09

6 key trends reshaping the IAM market

security, policy
Mar 25, 2026

The identity and access management (IAM) market, which handles who gets access to systems and data, is growing rapidly and shifting focus from simple password-based login toward treating identity as a core security layer. Organizations are increasingly adopting phishing-resistant authentication methods like passkeys (security keys that replace passwords) and managing non-human identities (service accounts, API keys, and AI agents), which now outnumber human users in most enterprises by about three to one. This shift is driven by the rise of agentic AI (autonomous AI systems that act independently) and stricter regulations requiring continuous verification of who accesses what data.

CSO Online
10

Inside our approach to the Model Spec

safety, policy
Mar 25, 2026

OpenAI's Model Spec is a formal framework that explicitly defines how AI models should behave across different situations, including how they follow instructions, resolve conflicts, and operate safely. The document is designed to be public and readable so that users, developers, researchers, and policymakers can understand, inspect, and debate intended AI behavior rather than having it hidden inside training processes. The Model Spec is not a claim that current models already behave perfectly, but rather a target for improvement that OpenAI uses to train, evaluate, and iteratively improve model behavior over time.

OpenAI Blog